On Thu, 2013-08-15 at 11:50 -0400, Stephen Gallagher wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > There was duplicated code in cc_file_check_existing() and in > cc_dir_check_existing(). I pulled them into the same function. > > There are two changes made to the original code here: > 1) Fixes a use-after-free bug in cc_file_check_existing(). In the > original code, we called krb5_free_context() and then used that > context immediately after that in krb5_cc_close(). This patch > corrects the ordering
Thanks, I also hate to see so much was duplicated. > 2) The krb5_cc_resolve() call handles KRB5_FCC_NOFILE for all > cache types. Previously, this was only handled for DIR caches. > > This second part I need someone with Kerberos knowledge to verify. Is > there a risk of receiving this error for the FILE or KEYRING types, > and if so is this handling still acceptable or should they be > special-cased? All there types will return that error (which is actually a File ccache error later reused by DIR and KEYRING). And no I do not think there should be any special casing. LGTM. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-devel mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
